CVE-2026-26114
Published: 10 March 2026
Description
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Mitigating Controls (NIST 800-53 r5) (AI)
- Requires timely flaw remediation through patching the specific deserialization vulnerability in Microsoft Office SharePoint to prevent remote code execution.
- Enforces validation of untrusted data inputs to block deserialization of malicious payloads by authorized low-privilege attackers over the network.
- Implements memory protections such as ASLR and DEP to mitigate exploitation of deserialization flaws leading to remote code execution.
Security Summary (AI)
CVE-2026-26114 is a deserialization of untrusted data vulnerability (CWE-502) in Microsoft Office SharePoint. Published on 2026-03-10T18:18:40.413, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
An authorized attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation allows remote code execution, compromising confidentiality, integrity, and availability at a high level (C:H/I:H/A:H) within the unchanged security scope (S:U).
Mitigation details are available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
CVE-2026-26114 is a deserialization vulnerability in Microsoft Office SharePoint enabling remote code execution, directly mapping to exploitation of a public-facing web application.